Implementing and Operating Cisco Security Core Technologies (SCOR) — Question 78
Which two prevention techniques are used to mitigate SQL injection attacks? (Choose two.)
Answer options
- A. Check integer, float, or Boolean string parameters to ensure accurate values.
- B. Use prepared statements and parameterized queries.
- C. Secure the connection between the web and the app tier.
- D. Write SQL code instead of using object-relational mapping libraries.
- E. Block SQL code execution in the web application database login.
Correct answer: A, B
Explanation
Options A and B are effective methods for preventing SQL injection attacks. Option A ensures that only valid data types are processed, while option B uses prepared statements and parameterized queries to separate SQL logic from data inputs, making it harder for attackers to manipulate queries. Options C, D, and E do not directly address the specific vulnerabilities associated with SQL injection.